Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
craftcms vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-40035
Craft is a CMS for creating custom digital experiences on the web and beyond. Bypassing the validatePath function can lead to potential remote code execution. This vulnerability can lead to malicious control of vulnerable systems and data exfiltrations. Although the vulnerability...
Craftcms Craft Cms 4.0.0
Craftcms Craft Cms
NA
CVE-2023-33196
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
Craftcms Craft Cms 4.0.0
Craftcms Craft Cms
NA
CVE-2023-32679
Craft CMS is an open source content management system. In affected versions of Craft CMS an unrestricted file extension may lead to Remote Code Execution. If the name parameter value is not empty string('') in the View.php's doesTemplateExist() -> resolveTemplat...
Craftcms Craft Cms
4.3
CVSSv2
CVE-2022-28378
Craft CMS prior to 3.7.29 allows XSS.
Craftcms Craft Cms
4.3
CVSSv2
CVE-2019-12823
Craft CMS prior to 3.1.31 does not properly filter XML feeds and thus allowing XSS.
Craftcms Craft Cms
NA
CVE-2023-2817
A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions <= 4.4.11. HTML, including script tags can be injected into field names which, when the field is added to a category or section, will trigger when users visit the Categories or Entries...
Craftcms Craft Cms
6.8
CVSSv2
CVE-2021-41824
Craft CMS prior to 3.7.14 allows CSV injection.
Craftcms Craft Cms
6.8
CVSSv2
CVE-2022-29933
Craft CMS up to and including 3.7.36 allows a remote unauthenticated attacker, who knows at least one valid username, to reset the account's password and take over the account by providing a crafted HTTP header to the application while using the password reset functionality....
Craftcms Craft Cms
4.3
CVSSv2
CVE-2021-27902
An issue exists in Craft CMS prior to 3.6.0. In some circumstances, a potential XSS vulnerability existed in connection with front-end forms that accepted user uploads.
Craftcms Craft Cms
4.3
CVSSv2
CVE-2017-8384
Craft CMS prior to 2.6.2976 allows XSS attacks because an array returned by HttpRequestService::getSegments() and getActionSegments() need not be zero-based. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-8052.
Craftcms Craft Cms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »